permissions necessary to administer any computer or resource in a domain

Administrators

local administrator of the computer and install software

Organization Management

Members of this group have full access to all Exchange server properties throughout the Exchange organization.

Recipient Management

to modify any Exchange-related on all Exchange recipients

Exchange Servers

Members of this group are the computer accounts for all Exchange servers. This security group provides Exchange servers with the permissions necessary to access one another and perform necessary Exchange functions.

View-Only Organization Management

Members of this group have view-only access permissions to all Exchange Server properties and recipient objects in the Exchange organization.

UM Management

Members are granted access to manage Unified Messaging (UM) features, such as mailbox properties as they relate to UM, auto attendant and UM server configuration.

Discovery Management

When users or administrators are added to this group, they are given access to perform searches on Exchange mailboxes. Members of this group can search by specific criteria.

Records Management

Members of Records Management have the required permissions to configure features such as transport rules and retention policy tags.

Server Management

Members of this group are given the access needed to administer the Exchange 2010 server configuration. This group grants access to the physical servers to allow configuration of mailbox features such as database copies, transport queues and Send connectors. This group is similar to the Exchange Server Administrators role in Exchange Server 2007. This group does not give members rights to administer the Exchange 2010 recipient configuration.

Help Desk

Members of this group are granted limited access to manage Exchange 2010 recipients.

Hygiene Management

Members of this group are granted permissions to configure antivirus and antispam features.

Public Folder Management

Members of this group have the required permissions to manage public folders and databases. By default this role group is assigned management roles, which can be added or removed to meet the needs of your organization.

/PrepareSchema

The /PrepareSchema command must be run once in a forest. It should be run on the domain controller that is configured with the schema master role, but this is not a requirement. It extends the Active Directory schema with the objects necessary to run Exchange Server 2010.

/PrepareAD

The /PrepareAD command must also be run within the domain root of the forest and is used to create the global Exchange objects and configuration. If the schema has not yet been extended, the /PrepareAD command will accomplish that. Additionally, the /PrepareAD command accomplishes the tasks performed by the /PrepareDomain command in the domain root.

/PrepareDomain

The /PrepareDomain command must be run in each domain where Exchange Server 2010 will be installed to identify the domain's address list server and to create special domain accounts that Exchange needs in order to run properly.

/PrepareAllDomains

Alternatively, the /PrepareAllDomains command will perform the /PrepareDomain command against each of the domains in the forest, provided the account with which you are running the command is a member of the Enterprise Admins group.

This requires access to TCP port 25. The Internet Mail Connector and Internet Mail Service use TCP port 25 for inbound SMTP messages as defined by RFC-821. For inbound SMTP messages, the Internet Mail Connector and Internet Mail Service monitor port 25 for incoming connections from other SMTP hosts. Microsoft Exchange Server supports IMAP4 as defined in RFC-2060 and RFC-2061.